Many accounting firms do not have the legal agreements and frameworks in place to comply with current data breach legislation and protect themselves in the event of a breach and/or PI Insurance Claim.
Insurance companies can and have used these gaps to weasel out of insurance claims relating to data breaches.
Practice Protect has leveraged our huge client base to provide our Cloud Best Practice™ Certified user base with a suite of compliance documents that have been drafted with the accounting industry in mind.
Notifiable Breach legislation states that a firm with a Data Breach Response Plan will be looked upon favourably in the event of a data breach — and yet most firms don’t have a valid Plan.
We provide a Data Breach Response Plan document that can be quickly and easily customised to your firm.
With this document in hand, you’ll know exactly what to do in the event you even suspect there’s been a breach and reduce the legal requirement to notify the OAIC (Office of the Australian Information Commissioner) or the affected client(s).
Current legislation stipulates that the party that holds the relationship (the accountant) with the party whose information is breached (the client) is responsible for the protection of data and liable in the event that a data breach occurs.
However, third-party contractors, outsourced functions and IT providers have access, and carry a responsibility for the way they manage the privacy of an accountant’s clients.
Having this in place limits the firm’s liability and emphasises the third party’s responsibility in the event they’re responsible for a breach.
This agreement is essential if any third parties have access to sensitive data.
Our Client Engagement Letter language communicates your firm’s proactive approach to protecting client privacy and gives you a competitive advantage by positioning your firm as a leader in online privacy.
This document communicates the specific measures in place to restrict unauthorised access and minimise perceived risk to client privacy.
Cyber concerns are often an “unspoken question” from potential clients. Being proactive in addressing these concerns is a marketing strategy that savvy firms have employed to win more new business.
Employees are privy to a myriad of passwords and logins of varying importance across their working and personal lives.
It’s critical that you have a formal document in place to set company expectations on how access is managed and how company assets are used to access the internet.
This easy-to-read document sets firm-wide expectations with staff on their data hygiene responsibilities, so your liability is limited in the event a team member goes rogue or a third party mishandles your data.
Having a formal Internet Policy Document in place is a critical step in covering your interests, should a PI Insurance claim ever be made.
You may be curious why these documents are vital and what the real-world impact of not having the right documents in place can be.
A profitable 2-partner, 14-staff firm was breached by cyber-criminals, causing financial and reputational damage to clients.
The breach occurred because one of their team members was using non-secure passwords for their personal online accounts that they were also using for their work email logins.
A phishing scheme found the non-secure password, then cracked their work email using the same password. From there, clients were sent malicious links and “ransomware” that resulted in serious commercial damage to at least one firm.
That's bad enough, but the story gets worse: The firm's PI Insurer didn't validate their insurance claim, simply because the firm had no formal policy in place on how passwords should be managed.
“We were looking for a Single Sign On Solution. We have onboarded eleven staff in the Philippines and three staff in Australia. We wanted to make it nice and easy for our staff members to be able to get into the apps that they need on an everyday basis.
It just makes their lives so much easier and more productive. And we also wanted to have one hundred percent order protection for our clients – we didn’t want our staff members accessing clients’ ‘true’ logins.
We looked into a number of different products including Okta, Oracle SSO, Global Sign SSO, OneLogin, Visual Guide and Intermedia.
You have blown it out of the ballpark! I’ve been with PJT for the past six years and this has been the easiest out of any implementation we’ve been through. You’ve been a dream to deal with.”
“We have 34 staff and have been going from strength to strength over the past 25 years. Security has been a big challenge. We were hacked a few years ago. At the time we didn’t realise we were being hacked. It was happening for a few months.
We ended up losing $30,000. We have cyber insurance but that didn’t cover us for that particular event. So, it doesn’t matter how well you think you’re covered, you still need to have a whole lot of precautions in place as well. And one of the precautions we have now is Practice Protect.
Practice Protect has made life easier in other ways too. It’s great being able to switch off a staff member’s access when they leave. It’s like turning one key.”
“Most of our work is remote access so we need to be able to offer secure communications and work processes with our clients.
A friend’s firm was a victim of cybercrime. They lost their entire payroll. Their bank accounts were closed, and their business hobbled along while they got it sorted. It was very difficult for them.
As we have grown our practice, we have expanded our remote team. Both across Australia and overseas. We wanted something to be quick and easy to set them up. Equally, if a person moved on, we wouldn’t have to go into the individual software and change all the different passwords. We could just have one password for their Practice Protect account that immediately restricted their access to client accounts and files.
It made it easy for them and for us. Staff, clients and our business were all protected.”
“I first heard about Practice Protect at AccountExpo. I liked the idea, but at the time I was really busy, so I said, ‘let’s come back to this later’. Sure enough, two days later, all of our accounts got hacked into. We could have lost everything and everyone!
Getting started with Practice Protect was very simple. The thought of bringing on a new piece of software on top of our usual client work was a bit daunting, but those guys made it really nice and easy for us.
In addition to the peace of mind in knowing that everything’s secure, it just makes life so much easier. In the morning we can hit one button and we’re in. We can flick through bank accounts, access transactions, view supplier payments and so on. The amount of time that Practice Protect is saving us in a day, especially our bookkeeper, is amazing. We love it.
We’re excited to know that we can now sleep easy at night.”
“The shift to the cloud has been fantastic in terms of productivity, but it also brings risks as well.
The Practice Protect dashboard makes it easy for me to manage everyone’s logins. For whatever reason someone needs to be disconnected, because they leave or are on holidays, we can just switch them off. You can automatically save passwords the first time you use them. You don’t need to go looking up passwords every time you log in.
Our experience with Practice Protect’s support team has always been very good.
It gives me a lot of comfort and I can sleep at night knowing that we’re proactively managing those risks.”
“The move towards the cloud has been beneficial for our team and clients alike. We’ve won a number of awards for Excellence in Customer Service, Excellence in Digital Technology and Business of the Year. We’re really proud of that. And technology is something that sets us apart from other firms.
We found Practice Protect’s onboarding super easy. It’s powerful to be able to see who’s accessed what and when. The one-click staff offboarding is also very easy and valuable. And it’s now possible for us to work remotely. Practice Protect makes that easier and more secure.
As the owner of the firm, having the ability to control people’s access, when or where and what is very, very comforting.”